News

Participate in the eZ Community Survey

Participate in the eZ Community Survey and by doing so, contribute to the eZ Community Strategy 2018-2020. The Survey will only take 5 minutes of your time. Your feedback is used to help us build a strong strategy for community activities, to further improve the ecosystem you are part of. Thank you!

Symfony security advisories

Symfony has published two security advisories which also affects the version eZ Platform runs on. Keep that in mind, in case you spot (new) unexpected problems. Do report them on Slack or our Forum, or even better on jira.ez.no when you are able to pinpoint the problem to these patches.

There is one known issue, see https://jira.ez.no/browse/EZP-29492. The Symfony update removes support for two old headers, if you depend on them you may have to change your code.

eZ Platform v2.2.2 released

Today, eZ has released eZ Platform v2.2.2. This release brings Symfony from 3.4.11 to 3.4.14. It also includes many improvements and bug fixes. Check the changelog on GitHub for the full details.

Meetup, London UK?

A few weeks ago a few community members suggested a local Meetup, location London UK.

As it is, André Rømcke will be speaking at Symfony Live UK on September 28. What about a Meetup on the 27th, with or without PHP London? Any ideas or feedback? People interested to join a Meetup? Leave a reply on our Forum.

Win a ticket to SymfonyLive Berlin

Do you want to be part of the most important Symfony event in the DACH region, one of the most important and popular PHP developer conferences in Germany and beyond.

eZ Systems is giving away a ticket for the SymfonyLive Conference Day Berlin on October 26, 2018. Complete the form, and with a little luck you get to travel to Berlin. Conditions for participation can be found here, the raffle giveaway runs until September 25, 2018. (Be aware that SymfonyLive Berlin is for a good part of it a German speaking event, some talks and workshop being in English others in German)

Become a certified Editor

The French office has organised a free training for Editors on October 18, 2018 in Paris. Do you use eZ Publish or eZ Platform in your daily life or plan to do it? So this day is for you.

Not only will you be able to discover the new features of the back office, increase the skills to facilitate your daily life, you will also meet our experts and share questions and knowledge with them. You will get a certificate proving your skills at the end of the day. Join us in a friendly setting, on the rooftops of Paris, in the 9th arrondissement of the capital. If you are interested, check out more information including a form to sign up.

In Other News:

Resources

Share your blog on ezplatform.com

We love content at eZ. If you want to share yours, for instance a technical write-up of how you realized a project on eZ Platform, we welcome you to share this with us. We can publish you blog on ezplatform.com and also mention it in the ‘Week in Review’. E-mail us with any content ideas you have.

News

Participate in the eZ Community Survey

Participate in the eZ Community Survey and by doing so, contribute to the eZ Community Strategy 2018-2020. The Survey will only take 5 minutes of your time. Your feedback is used to help us build a strong strategy for community activities, to further improve the ecosystem you are part of. Thank you!

Symfony security advisories

Symfony has published two security advisories which also affects the version eZ Platform runs on. Keep that in mind, in case you spot (new) unexpected problems. Do report them on Slack or our Forum, or even better on jira.ez.no when you are able to pinpoint the problem to these patches.

There is one known issue, see https://jira.ez.no/browse/EZP-29492. The Symfony update removes support for two old headers, if you depend on them you may have to change your code.

eZ Platform v2.2.2 released

Today, eZ has released eZ Platform v2.2.2. This release brings Symfony from 3.4.11 to 3.4.14. It also includes many improvements and bug fixes. Check the changelog on GitHub for the full details.

Meetup, London UK?

A few weeks ago a few community members suggested a local Meetup, location London UK.

As it is, André Rømcke will be speaking at Symfony Live UK on September 28. What about a Meetup on the 27th, with or without PHP London? Any ideas or feedback? People interested to join a Meetup? Leave a reply on our Forum.

Win a ticket to SymfonyLive Berlin

Do you want to be part of the most important Symfony event in the DACH region, one of the most important and popular PHP developer conferences in Germany and beyond.

eZ Systems is giving away a ticket for the SymfonyLive Conference Day Berlin on October 26, 2018. Complete the form, and with a little luck you get to travel to Berlin. Conditions for participation can be found here, the raffle giveaway runs until September 25, 2018. (Be aware that SymfonyLive Berlin is for a good part of it a German speaking event, some talks and workshop being in English others in German)

Become a certified Editor

The French office has organised a free training for Editors on October 18, 2018 in Paris. Do you use eZ Publish or eZ Platform in your daily life or plan to do it? So this day is for you.

Not only will you be able to discover the new features of the back office, increase the skills to facilitate your daily life, you will also meet our experts and share questions and knowledge with them. You will get a certificate proving your skills at the end of the day. Join us in a friendly setting, on the rooftops of Paris, in the 9th arrondissement of the capital. If you are interested, check out more information including a form to sign up.

In Other News:

Resources

Share your blog on ezplatform.com

We love content at eZ. If you want to share yours, for instance a technical write-up of how you realized a project on eZ Platform, we welcome you to share this with us. We can publish you blog on ezplatform.com and also mention it in the ‘Week in Review’. E-mail us with any content ideas you have.

Affected versions

Symfony 2.7.0 to 2.7.48, 2.8.0 to 2.8.43, 3.3.0 to 3.3.17, 3.4.0 to 3.4.13, 4.0.0 to 4.0.13
and 4.1.0 to 4.1.2 versions of the Symfony HttpFoundation component are affected by this
security issue.

The issue has been fixed in Symfony 2.7.49, 2.8.44, 3.3.18, 3.4.14, 4.0.14, and 4.1.3.

Note that no fixes are provided for Symfony 3.0, 3.1, and 3.2 as they are not
maintained anymore.

Description

Support for a (legacy) IIS header that lets users override the path in the request URL via the X-Original-URL or X-Rewrite-URL HTTP request header allows a user to access one URL but have Symfony return a different one which can bypass restrictions on higher level caches and web servers.

The fix drops support for these two obsolete IIS headers: X-Original-URL and X_REWRITE_URL.